]>
Commit | Line | Data |
---|---|---|
cda056bb | 1 | #include <inttypes.h> |
cda056bb | 2 | #include "crapto1.h" |
3 | #include <stdio.h> | |
4 | #include <stdlib.h> | |
5 | ||
6 | int main (int argc, char *argv[]) { | |
7 | struct Crypto1State *s,*t; | |
8 | uint64_t key; // recovered key | |
9 | uint32_t uid; // serial number | |
10 | uint32_t nt; // tag challenge | |
11 | uint32_t nr0_enc; // first encrypted reader challenge | |
12 | uint32_t ar0_enc; // first encrypted reader response | |
13 | uint32_t nr1_enc; // second encrypted reader challenge | |
14 | uint32_t ar1_enc; // second encrypted reader response | |
15 | uint32_t ks2; // keystream used to encrypt reader response | |
16 | ||
17 | printf("MIFARE Classic key recovery - based 32 bits of keystream\n"); | |
18 | printf("Recover key from two 32-bit reader authentication answers only!\n\n"); | |
19 | ||
20 | if (argc < 7) { | |
21 | printf(" syntax: %s <uid> <nt> <{nr_0}> <{ar_0}> <{nr_1}> <{ar_1}>\n\n",argv[0]); | |
22 | return 1; | |
23 | } | |
24 | ||
25 | sscanf(argv[1],"%x",&uid); | |
26 | sscanf(argv[2],"%x",&nt); | |
27 | sscanf(argv[3],"%x",&nr0_enc); | |
28 | sscanf(argv[4],"%x",&ar0_enc); | |
29 | sscanf(argv[5],"%x",&nr1_enc); | |
30 | sscanf(argv[6],"%x",&ar1_enc); | |
31 | ||
32 | printf("Recovering key for:\n"); | |
33 | printf(" uid: %08x\n",uid); | |
34 | printf(" nt: %08x\n",nt); | |
35 | printf(" {nr_0}: %08x\n",nr0_enc); | |
36 | printf(" {ar_0}: %08x\n",ar0_enc); | |
37 | printf(" {nr_1}: %08x\n",nr1_enc); | |
38 | printf(" {ar_1}: %08x\n",ar1_enc); | |
39 | ||
40 | // Generate lfsr succesors of the tag challenge | |
41 | printf("\nLFSR succesors of the tag challenge:\n"); | |
42 | printf(" nt': %08x\n",prng_successor(nt, 64)); | |
43 | printf(" nt'': %08x\n",prng_successor(nt, 96)); | |
44 | ||
45 | // Extract the keystream from the messages | |
46 | printf("\nKeystream used to generate {ar} and {at}:\n"); | |
47 | ks2 = ar0_enc ^ prng_successor(nt, 64); | |
48 | printf(" ks2: %08x\n",ks2); | |
49 | ||
50 | s = lfsr_recovery32(ar0_enc ^ prng_successor(nt, 64), 0); | |
51 | ||
52 | for(t = s; t->odd | t->even; ++t) { | |
53 | lfsr_rollback_word(t, 0, 0); | |
54 | lfsr_rollback_word(t, nr0_enc, 1); | |
55 | lfsr_rollback_word(t, uid ^ nt, 0); | |
56 | crypto1_get_lfsr(t, &key); | |
57 | crypto1_word(t, uid ^ nt, 0); | |
58 | crypto1_word(t, nr1_enc, 1); | |
59 | if (ar1_enc == (crypto1_word(t, 0, 0) ^ prng_successor(nt, 64))) { | |
4c16ae80 | 60 | printf("\nFound Key: [%012" PRIx64 "]\n\n",key); |
cda056bb | 61 | break; |
62 | } | |
63 | } | |
64 | free(s); | |
65 | ||
66 | return 0; | |
67 | } |